The present disclosure relates generally to cryptography, and more particularly to methods and systems for using cryptography to enforce strict separation of computing environments.
There are many scenarios where it is beneficial to provide separate computing environments.
In one scenario, software such as an operating system kernel may be developed in a development computing environment, and promoted through a quality assurance computing environment, a testing computing environment, and a validation computing environment prior to deployment at a production computing environment. At a production computing environment there may be a systems administrator who installs software according to a site or organization localized provisioning policy. Software that is deployed at the production computing environment may generally be release stage software, whereas software deployed in the development, quality assurance, testing and validation computing environments may include development applications, testing applications and pre-release stage software.
In another scenario, there may be a plurality of business unit computing environments. In each business unit computing environment there may be a provisioning policy that certain software is to be installed and other software is not to be installed (e.g., an accounting business unit may have access to accounting software but not to the human resources software that is used by the human resources business unit). Similarly, there may be different security domain computing environments, each with a provisioning policy to configure systems in the particular security domain computing environment with a particular set of software applications that meet a certain risk profile.
In some cases, a systems administrator at one computing environment may deploy software into a computing environment that is in violation of the provisioning policy for that computing environment. For example, a systems administrator may deploy an operating system kernel from a development computing environment onto a computing device that is a member of a production computing environment. This deployment may be a violation of the localized provisioning policy.
Currently, the deployment of software is constrained by the diligence of a systems administrator to apply provisioning policy correctly. In many cases, it is trivial for a systems administrator to deploy software that violates localized provisioning policy as there is no strong enforcement mechanism. It is desirable to enforce the localized provisioning policy.
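The following is an added illustration of the kind of cryptographic enforcement the disclosure is directed to; it is not the disclosure's own mechanism or code. It assumes a hypothetical scheme in which each computing environment holds its own secret key, every software artifact (here a kernel image represented as bytes) is tagged with a message authentication code under the key of the environment that released it, and a host is provisioned with only the key of the environment it belongs to. A production host therefore rejects a kernel tagged by the development environment regardless of the administrator's intent, and regardless of what environment label the package claims. The keys and artifacts are constructed sample values; a real deployment would use asymmetric signatures so that hosts hold only verification keys.

```python
import hashlib
import hmac

# Constructed per-environment secrets (hypothetical). In practice each environment's
# release authority would hold a private signing key and hosts only the public key.
ENV_KEYS = {
    "development": b"constructed-development-key",
    "production": b"constructed-production-key",
}


def sign_artifact(env: str, artifact: bytes) -> dict:
    """Tag an artifact with the environment that released it.

    The 'env' label travels with the package for human readability only;
    enforcement relies solely on the tag, which binds the artifact to ENV_KEYS[env].
    """
    tag = hmac.new(ENV_KEYS[env], artifact, hashlib.sha256).hexdigest()
    return {"env": env, "artifact": artifact, "tag": tag}


class Host:
    """A computing device that is a member of exactly one computing environment."""

    def __init__(self, env: str):
        self.env = env
        # The host is provisioned with its own environment's key only, so it has no
        # way to accept an artifact released by any other environment.
        self._key = ENV_KEYS[env]
        self.audit_log: list[str] = []

    def install(self, package: dict) -> tuple[bool, str]:
        """Return (accepted, reason). The package's 'env' label is never trusted."""
        expected = hmac.new(self._key, package["artifact"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, package["tag"]):
            reason = (
                f"rejected: artifact not released by the {self.env} environment "
                f"(package claims env={package['env']!r})"
            )
            self.audit_log.append(reason)
            return False, reason
        reason = f"accepted: artifact released by the {self.env} environment"
        self.audit_log.append(reason)
        return True, reason


def demo() -> dict:
    """Exercise the policy: only a production-released kernel installs on a production host."""
    prod_host = Host("production")
    kernel = b"constructed-kernel-image-v1"

    results = {}
    results["prod_on_prod"] = prod_host.install(sign_artifact("production", kernel))[0]
    results["dev_on_prod"] = prod_host.install(sign_artifact("development", kernel))[0]

    # An administrator relabels a development package as production; the tag still
    # binds it to the development key, so the production host rejects it.
    relabelled = sign_artifact("development", kernel)
    relabelled["env"] = "production"
    results["relabelled_dev_on_prod"] = prod_host.install(relabelled)[0]

    # Any modification of a legitimately released artifact also fails verification.
    tampered = sign_artifact("production", kernel)
    tampered["artifact"] = kernel + b"-patched"
    results["tampered_prod_on_prod"] = prod_host.install(tampered)[0]

    results["audit_entries"] = len(prod_host.audit_log)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point of the design is that the decision is made by key possession rather than by the administrator's diligence: the host cannot be talked into installing a development kernel because it has nothing with which to validate one, and every attempt leaves an audit record.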